LISTING OF THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A method for assigning certificates and
associated private keys to a token, comprising:

accessing the token through a token reader connected to a computer system by a
certificate authority;

reading a token ID and a user-signature certificate from the token; 

searching for a match for the token ID and the user signature certificate in an 
authoritative database; 

creating a certificate and an associated private key, wherein the certificate and the
associated private key are wrapped with a public key associated with the token ID and digitally
signing the certificate and the associated private key using a signature
certificate of the certificate authority if a match for the token ID and the user signature certificate
is found in the authoritative database;

downloading the certificate and the associated private key to the token; and

decrypting the certificate and the associated private key
using a private key stored in the token, such that the token stores at least the token ID, the private
key, the user signature certificate and the certificate and the associated private key.

2. (Currently Amended) The method recited in claim 1, wherein the
certificate and the associated private key is a plurality of certificates
and associated private keys wherein at least one of the plurality of
certificates and associated private keys is a signature certificate for the user, an encryption
certificate and associated private key for the user, and a role
certificate and associated private key for the user, wherein the role
certificate includes at least one policy.

3. (Currently Amended) The method recited in claim 2, wherein the wrapping of the
certificate and the associated private key with the public key of the token encrypts the certificate
and the associated private key.

4. (Original) The method recited in claim 3, wherein the token is a smart card. 

5. (Original) The method recited in claim 4, wherein the token ID is assigned by a token 
manufacturer at the time the token is created and stored in the authoritative database when 
assigned to a user. 

6. (Currently Amended) The method recited in claim 5, wherein downloading the
certificate and the associated private key to the token is done through an
unsecured communications line.

7. (Currently Amended) The method recited in claim 6, wherein decrypting the
certificate and the associated private key using the private key stored in
the token requires the entry of a passphrase by a user.

8. (Currently Amended) The method recited in claim 7, further comprising:

authenticating, by the signing of the certificate and the
associated private key using a signature certificate of the certificate authority, that the
certificate and the associated private key were issued by the certificate
authority.

9. (Currently Amended) A computer program embodied on a computer readable medium
and executable by a computer for assigning certificates and associated
private keys to a token, comprising:

accessing the token through a token reader connected to a computer system by a
certificate authority;

reading a token ID and a user signature certificate from the token; 

searching for a match for the token ID and the user signature certificate in an 
authoritative database; 

creating a certificate and an associated private key, wherein the certificate and the
associated private key are wrapped with a public key associated with the token ID and digitally
signing the certificate and the associated private key using a signature
certificate of the certificate authority if a match for the token ID and the user signature certificate
is found in the authoritative database;

downloading the certificate and the associated private key to the token; and

decrypting the certificate and the associated private key
using a private key stored in the token, such that the token stores at least the token ID, the private
key, the user signature certificate and the certificate and the associated private key.

10. (Currently Amended) The computer program recited in claim 9, wherein the
certificate and associated private key is a plurality of
certificates and associated private keys wherein at least one of the
plurality of certificates and associated private keys is a signature certificate for the user, an
encryption certificate and associated private key for the user, and a role
certificate and associated private key for the user, wherein the role
certificate includes at least one policy.

11. (Currently Amended) The computer program recited in claim 10, wherein the wrapping
of the certificate with the public key of the token encrypts the certificate
and the associated private key.

12. (Original) The computer program recited in claim 11, wherein the token is a smart card.

13. (Original) The computer program recited in claim 12, wherein the token ID is assigned by a
token manufacturer at the time the token is created and stored in the authoritative database when 
assigned to a user. 

14. (Currently Amended) The computer program recited in claim 13, wherein downloading
the certificate and the associated private key to the token is done through
an unsecured communications line.

15. (Currently Amended) The computer program recited in claim 14, wherein the decrypting
the certificate and the associated private key using the private key stored
in the token requires the entry of a passphrase by a user.

16. (Currently Amended) The computer program recited in claim 15, further comprising:

authenticating by the signing the certificate and the
associated private key using a signature certificate of the certificate authority that the
certificate and the associated private key was issued by the certificate
authority.
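
Added example, not part of the application: the exchange recited in claims 1, 6 and 8 (and mirrored in claims 9, 14 and 16), sketched in Node.js to show why wrapping plus the CA signature lets the download cross an unsecured line. The hybrid AES-GCM/RSA-OAEP wrap, the in-memory `db`, the PEM key pair standing in for an X.509 certificate, and all names (`issue`, `install`, `TOKEN-0001`) are assumptions; the passphrase of claims 7 and 15 is not modelled.

```javascript
const crypto = require('crypto');

// Constructed sample keys: the CA's signing key and the key pair bound to one token ID.
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ca = rsa();
const token = { id: 'TOKEN-0001', sigCert: 'constructed-user-signature-cert', ...rsa() };

// Authoritative database (constructed): token ID -> enrolled signature cert and token public key.
const db = new Map([[token.id, { sigCert: token.sigCert, publicKey: token.publicKey }]]);

// CA side: issue only if the token ID and user signature certificate both match the database.
function issue(tokenId, sigCert) {
  const rec = db.get(tokenId);
  if (!rec || rec.sigCert !== sigCert) return null; // no match, nothing is created
  const fresh = rsa(); // new key pair; its PEMs stand in for the certificate and private key
  const payload = Buffer.from(JSON.stringify({
    certificate: fresh.publicKey.export({ type: 'spki', format: 'pem' }),
    privateKey: fresh.privateKey.export({ type: 'pkcs8', format: 'pem' }),
  }));
  // Hybrid wrap (assumption): AES-256-GCM for the payload, RSA-OAEP for the AES key.
  const aesKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([c.update(payload), c.final()]);
  const wrappedKey = crypto.publicEncrypt(rec.publicKey, aesKey); // OAEP is the default padding
  const blob = Buffer.concat([wrappedKey, iv, c.getAuthTag(), body]);
  return { blob, signature: crypto.sign('sha256', blob, ca.privateKey) };
}

// Token side: check the CA signature first, then unwrap with the token's private key.
function install(msg, tokenPrivateKey, caPublicKey) {
  if (!crypto.verify('sha256', msg.blob, caPublicKey, msg.signature)) return null;
  const aesKey = crypto.privateDecrypt(tokenPrivateKey, msg.blob.subarray(0, 256));
  const d = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.blob.subarray(256, 268));
  d.setAuthTag(msg.blob.subarray(268, 284));
  return JSON.parse(Buffer.concat([d.update(msg.blob.subarray(284)), d.final()]).toString());
}

// Stand-alone run: issue for the enrolled token, then install on the token side.
const demo = install(issue(token.id, token.sigCert), token.privateKey, ca.publicKey);
console.log('stored on token:', Object.keys(demo));
```

Because the signature covers the wrapped blob, a message altered in transit is rejected before any decryption is attempted, and only the holder of the token's private key can recover the issued key.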